ThrottleNet Inc. Blog

 

From the category archives: Security

Read about the latest security breaches, best practices and how to secure your business on the ThrottleNet blog. Check out our security archives below.

Evaluating the Many Information Security Risks for Banks

Bank Information Security - ThrottleNetAccording to a report out of the UK, a recent examination of 278 million lines of code in 1,388 applications worldwide, there were 1.3 million weaknesses that could potentially allow hackers to take advantage of corporate systems.

The financial industry is unfortunately one that is most likely to be vulnerable to hackers, which is certainly eye-opening considering the vast collection of customer data that these organizations hold and continue to grow.

While overall, organizations take the security of web applications seriously, the greatest security flaws in banking websites exist in those that are between 5-10 years old. What are the information security risks for banks?

Read the rest of entry »

Wireless: How Often Do You Connect?

By Aaron Oliver

Wireless connectivity seems to be everywhere these days.  Most businesses are offering or touting free wireless connections. Because of this it makes it easy for the professional workforce to work from virtually anywhere, and we have grown accustomed to toting our laptops and tablets around with connectivity anywhere we go. You go for coffee or dinner and jump on the free Wi-Fi connection at the restaurant or cafe because it is faster than your mobile connection, and it saves you money on your mobile data package.

When businesses decide to offer free wireless, how do you think they accomplish it? Do they hire the best contractor or consultant? Sometimes yes, the business owner calls the correct person or company to come out and install a secure protected wireless network. However, often small businesses and cafes will call "their guy" who has setup multiple wireless networks and “knows all about them.” They go and buy a residential router form Walmart and plug it into an internet connection, and boom, that business now advertises "free Wi-Fi". The business owner has no idea that they have deployed their new free Wi-Fi without any kind of security or enterprise level features that they should be concerned about having.

Read the rest of entry »

5 Cyber Security Awareness Tips for Business to Celebrate National Cyber Security Awareness Month

5 Cyber security awareness tips

Since 2014, October has been billed as National Cybersecurity Awareness Month (NCSAM), sponsored by the National Cyber Security Alliance, a non-profit organization launched by the Department of Homeland Security. 

 

While NSCAM aims to protect the public at large, businesses can embrace the month of October as well, and use the month as a time to reflect on their own cyber security efforts and try to improve processes in time for the new year. 

In honor of NSCAM, get some cyber security awareness tips small business owners should take to secure their business, powered by your friends at ThrottleNet. 

Read the rest of entry »

The Latest on the Equifax Breach: How to Find Out If You Were a Victim & What You Can Do to Protect Yourself

 

Credit Bureau Equifax was the latest victim of a massive cyber-attack, the company announced last week.

 

Between May and July, hackers exploited the Equifax website to gain access to personal information of 143 million US consumers, including names, social security numbers and driver’s license numbers.

To add perspective to that number, about 250 million people over the age of 18 likely have a credit file. This attack was massive, affecting roughly 57% of all American adults.

The “good news”, if there is any, is that it appears credit card numbers of “only” 209,000 individuals (0.14% of victims) were exposed in the attack.

The attack also has some Equifax execs in hot water, as they sold their company stock days after the hack which was yet to be disclosed to the public. But for you, customers, how do you find out if you were affected by the breach and what to do if you were?

 

Read the rest of entry »

IoT Security in Your Business & Home

By Aaron Oliver

 

IoT, what is it? It is the "Internet of Things", and is basically all of the consumer and business appliances that people now days call smart. Your smart TV, your internet connected picture frame, your home or office security cameras, your Amazon echo, and Google home device. These devices have become the craze over the last few years as people rush to stay connected and try to make getting access to things and information quicker and more convenient. But is there a price to all this convenience, and what are the true costs?

Think for just a second about how many things are in your home and office that communicate over the internet in some form or fashion. A few years ago, the number of devices may have included just your computers and your phones and you could count the number of devices on one hand. If you think about it for a moment you may not even have realized that you now have 27 or even more devices in your home connected to the internet. 27 is the number of things I had in my home, and our small office has even more devices. So now I must ask you, who or what is making sure that these things are secure?

Well, the companies who sell you these devices, if they are reputable are probably thinking about security and even releasing patches and updates for the products you have in your home and office. But there are so many fly by night and small companies getting into the IoT space, and most of them are just worried about functionality and using watered down insecure methods of connectivity. This can lead to leaving your business and even your home network susceptible to attack and intrusion.

Read the rest of entry »

Should I Use a Password Manager? What You Should Know About Tools Built for Protecting Passwords

http://www.istockphoto.com/photo/man-recalling-gm519189110-90409787 Using a password manager - ThrottleNetPassword managers like LastPass, Dashlane, Zoho and True Key provide an easy way to go about remembering and protecting passwords, but are they safe? Should you be using a password manager? 

A password manager is a very useful and effective tool in helping users generate and store confidential login information for all of the sites that you can’t keep track of. 

One of the most important best practices of password protection is to never use the same password twice – but sometimes it’s just easier to use the same password for your personal Facebook account as you do for your cloud access at work. 

The best password managers don’t just store your precious access keys, but they have functionality built in to randomly generate the perfect password – one with a combination of letters, cases, numbers and special characters that you would never remember on your own.

Read the rest of entry »

You may hate it, but update your Phone!

By Aaron Oliver

Alright, I know that the subject of updating your phone for some people may seem arbitrary but it is actually very important. I can’t tell you how many people I know who absolutely loathe updating their mobile phones and tablets, and downright refuse to do so until something they need requires a certain OS version to work. Many have been effected by a bad update or their phone did not install one properly, leaving them with an expensive paperweight until they took it in to have it looked at. These experiences are less and less common as the manufactures have went to great lengths to prevent this after several botched updates a few years back. Today, I want to discuss why refusing to update is not a great idea!

How much sensitive data is stored on your phone? You may say not much, but after thinking about it, I would bet you would be surprised. Do you do any of the following?

  • Keep notes with Passwords?
  • Log into your Bank?
  • Keep notes with your or your Children's Personal information? 
  • Store Insurance information? 
  • Shop online with Apps that save your passwords? 
  • Company or client sensitive information?

A lot could be gained if you phone was in the wrong hands. But right now it is not it is in your hands and you have a passcode, so even if stolen, your information is safe? Good for you! But what if an attacker did not have to steal your phone to take over it or access all of your data? 

Read the rest of entry »

10 Tips for Improving Small Business Cyber Security

Cyber security should never be taken lightly; even at the smallest of companies. 

At ThrottleNet, we understand the challenges it takes to run a business, because at the end of the day, we’re a business, too. We know that for some, staying up-to-date on the latest trends in small business cyber security while keeping track of everything else is difficult.

However, in light of recent ransomware attacks like WannaCry and the growing sophistication of phishing attacks, all small businesses owners should have a basic understanding of cybersecurity and the measures they can take to prevent a breach from hurting their business. 

Read the rest of entry »

Knowing your IT Staff and their Practices!

By Aaron Oliver

So last month I touched on the fact that having your employee rosters and contact info on your website can be a treasure for someone looking to social engineer their way into your companies network. I had some feedback asking for ways to mitigate this risk if the information had already been out there. Well there are probably a few things that every company should be doing to help educate their employees to protect against these Social Engineering and Phishing attacks. The easiest way to protect your organization whether you have an internal IT staff or an outsourced managed services provider, is to educate your users on who does the IT support for your organization.

If you're using an internal IT staff, your users should be aware of the names of the IT staff, as well as the extensions and phones numbers that these support personnel would be calling from. Your employees should also know how their IT support team connects to their systems for remote support. If the users in your organization know that your IT support uses the Logmein tool, it should be a red flag if someone posing as IT support calls and tries to get a remote session in some other way like Teamviewer, or some other third party tool!

Read the rest of entry »

Malware, Social Engineering, and your WEBSITE?

By Aaron Oliver

Over the past year cyber security has been thrust to the forefront of cyber related news as there have been several worldwide attacks in the form of malware and ransomware. Most recently the "WannaCry" outbreak that paralyzed thousands of companies’ systems was talked about by every news organization on the planet. But there is another very common cyber threat that you don’t hear about as often, it is responsible for millions of systems being compromised and is often how some of these global events get started. It’s called “Social Engineering”.

Social engineering can take many forms and can be employed in several different ways. An attacker may call and pretend they are with your IT team and ask for information or for remote access to your employees’ systems. Once they gain access to a system attackers can deploy programs that will allow them to log back in later for more investigation into how the network is setup or do malicious things.

Read the rest of entry »